CN115242530B - Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile - Google Patents
Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile Download PDFInfo
- Publication number
- CN115242530B CN115242530B CN202210888448.6A CN202210888448A CN115242530B CN 115242530 B CN115242530 B CN 115242530B CN 202210888448 A CN202210888448 A CN 202210888448A CN 115242530 B CN115242530 B CN 115242530B
- Authority
- CN
- China
- Prior art keywords
- original message
- unit
- module
- transmits
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40006—Architecture of a communication node
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to the technical field of automobile communication, in particular to a vehicle-mounted safety communication system based on a national encryption algorithm, which comprises the following steps: the CAN receiving and transmitting module is connected with the whole vehicle system and receives an original message of the whole vehicle system; the MCU module is connected with the CAN transceiver module, and the CAN transceiver module transmits the original message to the MCU module; and the SOC module is connected with the MCU module, the MCU module transmits the original message to the SOC module for verification and analysis, the analysis result of the original message is transmitted to the MCU module after the SOC module verifies and analyzes, and the MCU module transmits the analysis result of the original message to the whole vehicle system through the CAN transceiver module. According to the vehicle-mounted safety communication system based on the national encryption algorithm, the vehicle-mounted ECU is utilized, a chip with safety hardware expansion is not required to be externally connected to be connected with a processor, application of the national encryption algorithm in a vehicle-mounted network is achieved, the implementation cost is low, and the safety is high.
Description
Technical Field
The invention relates to the technical field of automobile communication, in particular to a vehicle-mounted safety communication system and method based on a national cryptographic algorithm and an automobile.
Background
With the high-speed development of intelligent network-connected automobiles, the functions of the automobile networking are becoming more common, and the information security protection mechanism of the automobile-mounted communication network is becoming more important in the background.
With the increase of the demand of the automobile for network information, the vehicle-mounted CAN network gradually opens an interface, so that the information security attack from the outside CAN be led into the CAN bus network of the automobile through a wireless network (Bluetooth or wireless local area network) or an online diagnosis interface, thereby causing serious consequences such as illegal monitoring of CAN messages, malicious modification of the CAN messages, rebroadcasting and the like. Therefore, the AUTOSAR starts from the class Platform 4.2 to add a component which is totally called as vehicle-mounted secure communication (Secure Onboard Communication, secOC for short), provides an identity verification function for data transmission on an embedded network bus of an automobile, introduces a set of communication encryption and verification standard for the vehicle-mounted communication bus, and is used for protecting network communication between ECUs in the automobile.
Currently, components of SecOC typically require on-chip secure hardware extensions and provide corresponding firmware support, typically SHE (Secure Hardware Extension) and HSM (Hardware Security Module), with HSM having a higher level of security. The traditional encryption algorithm is generally realized by using an international encryption algorithm, and a relatively safe communication environment can be realized, so that in order to protect network communication between ECUs in a vehicle in the prior art, a chip with a safety hardware expansion is connected with a processor in an external connection mode, the chip with the safety hardware expansion increases additional cost, and the realization cost is high.
Disclosure of Invention
The invention aims to solve the technical problems that: in order to solve the technical problems that an external chip with a safety hardware expansion is connected with a processor in order to realize the existing assembly of the SecOC, the chip with the safety hardware expansion adds extra cost and high realization cost, the invention provides a vehicle-mounted safety communication system based on a national secret algorithm, the external chip with the safety hardware expansion is not required to be connected with the processor, and the application of the national secret algorithm in a vehicle-mounted network is realized, so that the realization cost is low and the safety is high.
The technical scheme adopted for solving the technical problems is as follows: a vehicle-mounted secure communication system based on a cryptographic algorithm, comprising: a whole vehicle system; the CAN transceiver module is connected with the whole vehicle system and receives an original message of the whole vehicle system; the MCU module is connected with the CAN transceiver module, and the CAN transceiver module transmits the original message to the MCU module; and the SOC module is connected with the MCU module, the MCU module transmits the original message to the SOC module for verification and analysis, the SOC module transmits the analysis result of the original message to the MCU module after verification and analysis, and the MCU module transmits the analysis result of the original message to the whole vehicle system through the CAN transceiver module.
Further, the system specifically further comprises an Ethernet module connected between the MCU module and the SOC module.
Further, specifically, the SOC module is connected with the MCU module through an SPI bus.
Further, the MCU module comprises a microcontroller abstract layer, a CAN interface layer, a PDU routing service unit, a communication service unit, an application layer, a security on-board communication unit, an encryption service management unit and a first ECU internal inter-core communication service unit;
the microcontroller abstract layer receives the original message transmitted by the CAN transceiver module;
the microcontroller abstract layer transmits the received original message to the PDU route service unit through the CAN interface layer;
the PDU route service unit receives the original message and judges whether the original message is a safe communication message or not;
if the original message is not a secure communication message, the PDU routing service unit transmits the original message to the communication service unit for processing, converts the original message into a target signal, and transmits the target signal to the application layer;
if the original message is a secure communication message, the PDU routing service unit transmits the original message to the secure onboard communication unit, the secure onboard communication unit transmits the original message to the encryption service management unit, the encryption service management unit calls the first ECU internal inter-core communication service unit, and the first ECU internal inter-core communication service unit calls an interface of the microcontroller abstraction layer to transmit the original message to the SOC module;
one end of the CAN interface layer and the first ECU internal inter-core communication service unit are connected with the microcontroller abstract layer, the CAN interface layer, the safety onboard communication unit and the communication service unit are connected with the PDU routing service unit, the safety onboard communication unit and the communication service unit are also connected with the application layer, and the safety onboard communication unit and the first ECU internal inter-core communication service unit are connected with the encryption service management unit.
Further, specifically, the SOC module includes a national cryptographic algorithm library, a national cryptographic algorithm processing unit, a second ECU internal inter-core communication service unit and a driving unit;
the driving unit receives the original message and transmits the original message to the cryptographic algorithm processing unit through the second ECU internal inter-core communication service unit;
after the cryptographic algorithm processing unit acquires the original message, the cryptographic algorithm processing unit acquires an encryption and decryption processing request, invokes the cryptographic algorithm library and performs verification analysis on the original message;
the national encryption algorithm processing unit and the driving unit are both connected with the second ECU internal inter-core communication service unit, and the national encryption algorithm library is connected with the national encryption algorithm processing unit.
A vehicular safety communication method based on a national cryptographic algorithm adopts the vehicular safety communication system based on the national cryptographic algorithm, and the method comprises the following steps:
step S1: the CAN receiving and transmitting module receives an original message of the whole vehicle system;
step S2: the CAN transceiver module transmits the original message to the MCU module;
step S3: the MCU module acquires the original message and transmits the original message to the SOC module;
step S4: the SOC module receives the original message, the SOC module performs verification analysis on the original message, and the SOC module transmits an analysis result of the original message to the MCU module;
step S5: and the MCU module transmits the analysis result of the original message to the whole vehicle system through the CAN transceiver module.
Further, specifically, the step S3 specifically includes the following steps:
step S31: the microcontroller abstract layer receives the original message transmitted by the CAN transceiver module;
step S32: the microcontroller abstract layer transmits the received original message to the PDU route service unit through the CAN interface layer;
step S33: the PDU route service unit receives the original message and judges whether the original message is a safe communication message or not;
if the original message is not a secure communication message, the PDU routing service unit transmits the original message to the communication service unit for processing, converts the original message into a target signal, and transmits the target signal to the application layer;
if the original message is a secure communication message, the PDU routing service unit transmits the original message to the secure onboard communication unit, the secure onboard communication unit transmits the original message to the encryption service management unit, the encryption service management unit calls the first ECU internal inter-core communication service unit, and the first ECU internal inter-core communication service unit calls an interface of the microcontroller abstraction layer to transmit the original message to the SOC module;
further, specifically, the step S4 specifically includes the following steps:
step S41: the driving unit receives the original message and transmits the original message to the cryptographic algorithm processing unit through the second ECU internal inter-core communication service unit;
step S42: after the cryptographic algorithm processing unit acquires the original message, the cryptographic algorithm processing unit acquires an encryption and decryption processing request, invokes the cryptographic algorithm library and performs verification analysis on the original message;
step S43: the state-secret algorithm processing unit transmits the analysis result of the original message to the second ECU internal inter-core communication service unit, the second ECU internal inter-core communication service unit transmits the analysis result of the original message to the driving unit, and the driving unit transmits the analysis result of the original message to the interface of the micro-controller abstraction layer;
step S44: the interface of the micro-controller abstract layer transmits the analysis result of the original message to the inter-core communication service unit in the first ECU, and then transmits the analysis result of the original message to the safety onboard communication module through the encryption service management unit, the safety onboard communication module performs identity verification on the analysis result of the original message,
if the analysis result of the original message is verified to be legal, executing a step S5;
and if the analysis result of the original message is verified to be illegal, discarding the original message.
Further, specifically, the original message includes PDU information and freshness information, and the analysis result of the original message includes security check information.
An automobile comprising a national cryptographic algorithm based vehicular secure communication system as described above.
The vehicle-mounted safety communication system based on the national secret algorithm has the advantages that a chip with safety hardware expansion is not required to be connected with a processor, the MCU module can continue to use an Autosar software architecture, only an interface of an encryption and decryption service manager module is required to be adapted, communication services between the MCU module and the SOC module are realized, data are transmitted through the Ethernet module, important signals are effectively prevented from being illegally invaded and tampered, further effective guarantee is provided for life and property safety of users, application of the national secret algorithm in a vehicle-mounted network is realized, the realization cost is low, the safety is high, in addition, a backup communication channel is provided through the SPI bus, normal communication between the MCU and the SOC can be ensured when the Ethernet module fails, the data are transmitted through the SPI bus, and the safety is improved.
Drawings
The invention will be further described with reference to the drawings and examples.
Fig. 1 is a schematic structural view of embodiment 1 of the present invention.
Fig. 2 is a schematic diagram of a data transmission structure of embodiment 1 of the present invention.
Fig. 3 is a schematic diagram of a data receiving structure of embodiment 1 of the present invention.
Fig. 4 is a flowchart of embodiment 2 of the present invention.
In the figure 1, the whole vehicle system; 2. a CAN transceiver module; 3. an MCU module; 4. an SOC module; 5. an Ethernet module; 31. a microcontroller abstraction layer; 32. a CAN interface layer; 33. a PDU routing service unit; 34. a communication service unit; 35. an application layer; 36. a secure onboard communication unit; 37. an encryption service management unit; 38. a first ECU internal inter-core communication service unit; 41. a national encryption algorithm library; 42. a cryptographic algorithm processing unit; 43. a second ECU internal inter-core communication service unit; 44. and a driving unit.
Detailed Description
The invention will now be described in further detail with reference to the accompanying drawings. The drawings are simplified schematic representations which merely illustrate the basic structure of the invention and therefore show only the structures which are relevant to the invention.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", "axial", "radial", "circumferential", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element being referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention. Furthermore, features defining "first", "second" may include one or more such features, either explicitly or implicitly. In the description of the present invention, unless otherwise indicated, the meaning of "a plurality" is two or more.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Example 1
As shown in fig. 1, a vehicle-mounted secure communication system based on a cryptographic algorithm according to a first embodiment of the present invention includes: the CAN transceiver module 2 is connected with the whole vehicle system 1, and the CAN transceiver module 2 receives an original message of the whole vehicle system 1; the MCU module 3 is connected with the CAN transceiver module 2, and the CAN transceiver module 2 transmits an original message to the MCU module 3; and the SOC module 4 is connected with the MCU module 3, the MCU module 3 transmits the original message to the SOC module 4 for verification and analysis, the SOC module 4 transmits the analysis result of the original message to the MCU module 3 after verification and analysis, and the MCU module 3 transmits the analysis result of the original message to the whole vehicle system 1 through the CAN transceiver module 2.
It should be noted that, the MCU module 3 and the SOC module 4 are vehicle-mounted ECUs of the whole vehicle domain controller, the MCU module 3 is generally used for monitoring the state of the whole ECU, power management, functional security policy management, and the like, and the SOC module 4 is generally used for processing high-speed performance computing applications. Each ECU node needs to ensure that the original message can be normally sent, verified and analyzed, and the safety of the whole vehicle can be ensured.
In the embodiment, the system further comprises an Ethernet module 5 connected between the MCU module 3 and the SOC module 4, so that the original message between the MCU module 3 and the SOC module 4 can be transmitted.
In an embodiment, the SOC module 4 and the MCU module 3 are connected through an SPI bus. The SPI bus provides a backup communication channel, and when the Ethernet module 5 fails, normal communication between the MCU and the SOC can be ensured.
In an embodiment, as shown in fig. 2-3, the MCU module 3 includes a microcontroller abstraction layer 31, a CAN interface layer 32, a PDU routing service unit 33, a communication service unit 34, an application layer 35, a secure on-board communication unit 36, an encryption service management unit 37, and a first ECU internal inter-core communication service unit 38; the microcontroller abstract layer 31 receives an original message transmitted by the CAN transceiver module 2; the microcontroller abstract layer 31 transmits the received original message to the PDU route service unit 33 through the CAN interface layer 32; the PDU routing service unit 33 receives the original message and judges whether the original message is a secure communication message; if the original message is not a secure communication message, the PDU routing service unit 33 transmits the original message to the communication service unit 34 for processing, converts the original message into a target signal, and transmits the target signal to the application layer 35; if the original message is a secure communication message, the PDU routing service unit 33 transmits the original message to the secure onboard communication unit 36, the secure onboard communication unit 36 transmits the original message to the encryption service management unit 37, the encryption service management unit 37 calls the first ECU internal inter-core communication service unit 38, so that the transmission of the original message is facilitated, and the first ECU internal inter-core communication service unit 38 calls the interface of the microcontroller abstraction layer 31 to transmit the original message to the SOC module 4.
It should be noted that, when the original message is transmitted by the whole vehicle system, the label processing is performed on each original message, and when the PDU routing service unit 33 receives the original message and determines whether the original message is a secure communication message, the distinction can be determined only according to the ID.
One end of the CAN interface layer 32 and the first ECU internal inter-core communication service unit 38 are all connected with the microcontroller abstraction layer 31, the CAN interface layer 32, the secure onboard communication unit 36 and the communication service unit 34 are all connected with the PDU routing service unit 33, the secure onboard communication unit 36 and the communication service unit 34 are also all connected with the application layer 35, and the secure onboard communication unit 36 and the first ECU internal inter-core communication service unit 38 are all connected with the encryption service management unit 37, so that the original message CAN be rapidly transmitted and processed in each unit of the MCU module 3.
In the embodiment, the SOC module 4 includes a national cryptographic algorithm library 41, a national cryptographic algorithm processing unit 42, a second ECU internal inter-core communication service unit 43, and a driving unit 44; the driving unit 44 receives the original message and transmits the original message to the cryptographic algorithm processing unit 42 through the second ECU internal inter-core communication service unit 43; after the cryptographic algorithm processing unit 42 obtains the original message, the cryptographic algorithm processing unit 42 obtains the encryption and decryption processing request, and invokes the cryptographic algorithm library 41 to verify and analyze the original message.
The national encryption algorithm processing unit 42 and the driving unit 44 are both connected with the second ECU internal inter-core communication service unit 43, and the national encryption algorithm library 41 is connected with the national encryption algorithm processing unit 42, so that the original message can be rapidly transmitted and processed in each unit of the SOC module 4.
The SOC module 4 further includes a Linux scheduling service unit, which is used for managing each unit in the SOC module 4.
The processor in the SOC-module 4 employs, but is not limited to, the horizon 3 chip J3. The processor of the MCU module 3 uses, but is not limited to, a TC3xx series chip in the intel auritux, and the ethernet module 5 uses, but is not limited to, a SJA1105 chip.
According to the vehicle-mounted safety communication system based on the national encryption algorithm, a chip with safety hardware expansion is not required to be connected with a processor, the MCU module can continue to use an Autosar software architecture, communication services between the MCU module and the SOC module only need to be adapted to interfaces of the encryption and decryption service manager module, data are transmitted through the Ethernet module, illegal invasion and tampering of important signals are effectively prevented, further effective guarantee is provided for life and property safety of users, application of the national encryption algorithm in a vehicle-mounted network is realized, the realization cost is low, the safety is high, in addition, a backup communication channel is provided through the SPI bus and the SPI bus, normal communication between the MCU and the SOC can be ensured when the Ethernet module fails, and the safety is improved through the data transmission through the SPI bus.
Example 2
Based on the same inventive concept as the vehicular safety communication system based on the cryptographic algorithm in the foregoing embodiment, the present invention further provides a vehicular safety communication method based on the cryptographic algorithm, as shown in fig. 4, where the method includes:
step S1: the CAN transceiver module 2 receives an original message of the whole vehicle system 1;
step S2: the CAN transceiver module 2 transmits the original message to the MCU module 3;
step S3: the MCU module 3 acquires an original message and transmits the original message to the SOC module 4;
step S4: the SOC module 4 receives the original message, the SOC module 4 verifies and analyzes the original message, and the SOC module 4 retransmits an analysis result of the original message to the MCU module 3;
step S5: the MCU module 3 sends the analysis result of the original message to the whole vehicle system 1 through the CAN transceiver module 2.
In an embodiment, step S3 specifically includes the following steps:
s31: the microcontroller abstract layer 31 receives an original message transmitted by the CAN transceiver module 2;
s32: the microcontroller abstract layer 31 transmits the received original message to the PDU route service unit 33 through the CAN interface layer 32;
s33: the PDU routing service unit 33 receives the original message and judges whether the original message is a secure communication message;
if the original message is not a secure communication message, the PDU routing service unit 33 transmits the original message to the communication service unit 34 for processing, converts the original message into a target signal, and transmits the target signal to the application layer 35;
if the original message is a secure communication message, the PDU routing service unit 33 transmits the original message to the secure onboard communication unit 36, the secure onboard communication unit 36 transmits the original message to the encryption service management unit 37, the encryption service management unit 37 calls the first ECU internal inter-core communication service unit 38, and the first ECU internal inter-core communication service unit 38 calls the interface of the microcontroller abstraction layer 31 to transmit the original message to the SOC module 4;
in an embodiment, step S4 specifically includes the following steps:
s41: the driving unit 44 receives the original message and transmits the original message to the cryptographic algorithm processing unit 42 through the second ECU internal inter-core communication service unit 43;
s42: after the cryptographic algorithm processing unit 42 obtains the original message, the cryptographic algorithm processing unit 42 obtains the encryption and decryption processing request, and invokes the cryptographic algorithm library 41 to verify and analyze the original message;
s43: the state-secret algorithm processing unit 42 transmits the analysis result of the original message to the second ECU internal inter-core communication service unit 43, the second ECU internal inter-core communication service unit 43 transmits the analysis result of the original message to the driving unit 44, and the driving unit 44 transmits the analysis result of the original message to the interface of the microcontroller abstraction layer 31;
s44: the interface of the micro-controller abstraction layer 31 transmits the analysis result of the original message to the first ECU internal inter-core communication service unit 38, and then transmits the analysis result of the original message to the secure onboard communication module through the encryption service management unit 37, the secure onboard communication module performs identity verification on the analysis result of the original message,
if the analysis result of the original message is verified to be legal, executing the step S5;
if the analysis result of the original message is verified to be illegal, discarding the original message.
In an embodiment, the original message includes PDU information and freshness information, and the parsing result of the original message includes security check information.
Example 3
Based on the same inventive concept as the vehicle-mounted safety communication system based on the national cryptographic algorithm in the previous embodiment, the invention also provides an automobile comprising the vehicle-mounted safety communication system based on the national cryptographic algorithm.
With the above-described preferred embodiments according to the present invention as an illustration, the above-described descriptions can be used by persons skilled in the relevant art to make various changes and modifications without departing from the scope of the technical idea of the present invention. The technical scope of the present invention is not limited to the description, but must be determined according to the scope of claims.
Claims (10)
1. A vehicle-mounted secure communication system based on a cryptographic algorithm, comprising:
a whole vehicle system (1);
the CAN transceiver module (2) is connected with the whole vehicle system (1), and the CAN transceiver module (2) receives an original message of the whole vehicle system (1);
the MCU module (3) is connected with the CAN transceiver module (2), and the CAN transceiver module (2) transmits the original message to the MCU module (3);
the system comprises an SOC module (4) and an MCU module (3), wherein the MCU module (3) is connected with the MCU module (3), the original message is transmitted to the SOC module (4) for verification and analysis, the SOC module (4) transmits the analysis result of the original message to the MCU module (3) after verification and analysis, and the MCU module (3) transmits the analysis result of the original message to the whole vehicle system (1) through the CAN transceiver module (2);
the MCU module (3) comprises a PDU routing service unit (33), a communication service unit (34), an application layer (35), a secure onboard communication unit (36), an encryption service management unit (37) and a first ECU internal inter-core communication service unit (38);
the PDU route service unit (33) receives the original message and judges whether the original message is a safe communication message;
if the original message is not a secure communication message, the PDU routing service unit (33) transmits the original message to the communication service unit (34) for processing, converts the original message into a target signal, and transmits the target signal to the application layer (35);
if the original message is a secure communication message, the PDU routing service unit (33) transmits the original message to the secure onboard communication unit (36), the secure onboard communication unit (36) transmits the original message to the encryption service management unit (37), the encryption service management unit (37) calls the first ECU internal inter-core communication service unit (38), and the first ECU internal inter-core communication service unit (38) transmits the original message to the SOC module (4).
2. The vehicle-mounted secure communication system based on a cryptographic algorithm as in claim 1, further comprising an ethernet module (5) connected between said MCU module (3) and said SOC module (4).
3. The vehicle-mounted safety communication system based on the cryptographic algorithm as in claim 1, wherein the SOC module (4) and the MCU module (3) are connected by an SPI bus.
4. The vehicle-mounted secure communication system based on a cryptographic algorithm as in claim 1, wherein said MCU module (3) further comprises a microcontroller abstraction layer (31) and a CAN interface layer (32);
the microcontroller abstraction layer (31) receives the original message transmitted by the CAN transceiver module (2);
the microcontroller abstraction layer (31) transmits the received original message to the PDU routing service unit (33) through the CAN interface layer (32);
the first ECU internal inter-core communication service unit (38) calls an interface of the microcontroller abstraction layer (31) to transmit the original message to the SOC module (4);
one end of the CAN interface layer (32) and the first ECU internal inter-core communication service unit (38) are connected with the microcontroller abstraction layer (31), the CAN interface layer (32), the safety on-board communication unit (36) and the communication service unit (34) are connected with the PDU routing service unit (33), the safety on-board communication unit (36) and the communication service unit (34) are also connected with the application layer (35), and the safety on-board communication unit (36) and the first ECU internal inter-core communication service unit (38) are connected with the encryption service management unit (37).
5. The vehicle-mounted safety communication system based on the cryptographic algorithm as in claim 4, wherein the SOC module (4) comprises a cryptographic algorithm library (41), a cryptographic algorithm processing unit (42), a second ECU internal inter-core communication service unit (43) and a driving unit (44);
the driving unit (44) receives the original message and transmits the original message to the cryptographic algorithm processing unit (42) through the second ECU internal inter-core communication service unit (43);
after the national encryption algorithm processing unit (42) acquires the original message, the national encryption algorithm processing unit (42) acquires an encryption and decryption processing request, invokes the national encryption algorithm library (41) and performs verification analysis on the original message;
the national cryptographic algorithm processing unit (42) and the driving unit (44) are connected with the second ECU internal inter-core communication service unit (43), and the national cryptographic algorithm library (41) is connected with the national cryptographic algorithm processing unit (42).
6. A vehicular secure communication method based on a cryptographic algorithm, employing the vehicular secure communication system based on a cryptographic algorithm as set forth in claim 5, the method comprising:
step S1: the CAN transceiver module (2) receives an original message of the whole vehicle system (1);
step S2: the CAN transceiver module (2) transmits the original message to the MCU module (3);
step S3: the MCU module (3) acquires the original message and transmits the original message to the SOC module (4);
step S4: the SOC module (4) receives the original message, the SOC module (4) performs verification analysis on the original message, and the SOC module (4) transmits an analysis result of the original message to the MCU module (3);
step S5: and the MCU module (3) transmits the analysis result of the original message to the whole vehicle system (1) through the CAN transceiver module (2).
7. The vehicular secure communication method based on the cryptographic algorithm of claim 6, wherein,
the step S3 specifically comprises the following steps:
step S31: the microcontroller abstraction layer (31) receives the original message transmitted by the CAN transceiver module (2);
step S32: the microcontroller abstraction layer (31) transmits the received original message to the PDU routing service unit (33) through the CAN interface layer (32);
step S33: the PDU route service unit (33) receives the original message and judges whether the original message is a safe communication message;
if the original message is not a secure communication message, the PDU routing service unit (33) transmits the original message to the communication service unit (34) for processing, converts the original message into a target signal, and transmits the target signal to the application layer (35);
if the original message is a secure communication message, the PDU routing service unit (33) transmits the original message to the secure on-board communication unit (36), the secure on-board communication unit (36) transmits the original message to the encrypted service management unit (37), the encrypted service management unit (37) calls the first ECU internal inter-core communication service unit (38), and the first ECU internal inter-core communication service unit (38) calls the interface of the microcontroller abstraction layer (31) to transmit the original message to the SOC module (4).
8. The vehicle-mounted secure communication method based on the cryptographic algorithm as in claim 7, wherein said step S4 specifically comprises the steps of:
step S41: the driving unit (44) receives the original message and transmits the original message to the cryptographic algorithm processing unit (42) through the second ECU internal inter-core communication service unit (43);
step S42: after the national encryption algorithm processing unit (42) acquires the original message, the national encryption algorithm processing unit (42) acquires an encryption and decryption processing request, invokes the national encryption algorithm library (41) and performs verification analysis on the original message;
step S43: the state-secret algorithm processing unit (42) transmits the analysis result of the original message to the second ECU internal inter-core communication service unit (43), the second ECU internal inter-core communication service unit (43) transmits the analysis result of the original message to the driving unit (44), and the driving unit (44) transmits the analysis result of the original message to the interface of the microcontroller abstraction layer (31);
step S44: the interface of the microcontroller abstraction layer (31) transmits the analysis result of the original message to the first ECU internal inter-core communication service unit (38), and then transmits the analysis result of the original message to the safety onboard communication module through the encryption service management unit (37), and the safety onboard communication module performs identity verification on the analysis result of the original message;
if the analysis result of the original message is verified to be legal, executing a step S5;
and if the analysis result of the original message is verified to be illegal, discarding the original message.
9. The method for vehicle-mounted secure communication based on cryptographic algorithm as in claim 6, wherein the original message comprises PDU information and freshness information, and the parsing result of the original message comprises security check information.
10. An automobile, characterized in that: the automobile comprises an on-board safety communication system based on a national cryptographic algorithm as in any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210888448.6A CN115242530B (en) | 2022-07-27 | 2022-07-27 | Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210888448.6A CN115242530B (en) | 2022-07-27 | 2022-07-27 | Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115242530A CN115242530A (en) | 2022-10-25 |
| CN115242530B true CN115242530B (en) | 2023-10-13 |
Family
ID=83675568
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210888448.6A Active CN115242530B (en) | 2022-07-27 | 2022-07-27 | Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115242530B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106143364A (en) * | 2016-07-22 | 2016-11-23 | 北京航空航天大学 | A kind of electric automobile distributed director information security method and system |
| CN205899370U (en) * | 2016-06-17 | 2017-01-18 | 常州星宇车灯股份有限公司 | Novel automobile -used gateway device |
| WO2017092504A1 (en) * | 2015-12-03 | 2017-06-08 | 上海斐讯数据通信技术有限公司 | Router with hardware encryption/decryption function and encryption/decryption method thereof |
| WO2017152863A1 (en) * | 2016-03-11 | 2017-09-14 | 比亚迪股份有限公司 | On-vehicle multimedia system and vehicle |
| CN108494725A (en) * | 2018-01-30 | 2018-09-04 | 惠州市德赛西威汽车电子股份有限公司 | A kind of encryption communication method of vehicle-mounted CAN bus message |
| CN109743334A (en) * | 2019-02-28 | 2019-05-10 | 浙江众泰汽车制造有限公司 | A kind of T-BOX encryption system and method |
| CN110011809A (en) * | 2019-03-29 | 2019-07-12 | 深圳市元征科技股份有限公司 | A kind of communication means and vehicle diagnostic equipment of vehicle diagnostic equipment |
| CN110324222A (en) * | 2019-07-05 | 2019-10-11 | 厦门金龙联合汽车工业有限公司 | A kind of vehicle CAN bus data interactive system and its exchange method |
| CN110356359A (en) * | 2019-07-08 | 2019-10-22 | 华晨汽车集团控股有限公司 | Vehicle communication terminal and safety enter the encryption method of starting authorization module |
| CN111386513A (en) * | 2018-05-03 | 2020-07-07 | 华为技术有限公司 | Data processing method, device and system chip |
| CN113242251A (en) * | 2021-05-20 | 2021-08-10 | 北京九州云驰科技有限公司 | Vehicle-mounted network safety protection system and application method thereof |
| CN214202082U (en) * | 2020-12-15 | 2021-09-14 | 中国第一汽车股份有限公司 | Vehicle-mounted network system and automobile |
| WO2022143536A1 (en) * | 2020-12-31 | 2022-07-07 | 杭州趣链科技有限公司 | Apsoc-based state cipher calculation method, system, device, and medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102244569B1 (en) * | 2018-11-26 | 2021-04-26 | 한국전자통신연구원 | Method and Apparatus for communication between devices based on automotive ethernet in vehicle network |
-
2022
- 2022-07-27 CN CN202210888448.6A patent/CN115242530B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017092504A1 (en) * | 2015-12-03 | 2017-06-08 | 上海斐讯数据通信技术有限公司 | Router with hardware encryption/decryption function and encryption/decryption method thereof |
| WO2017152863A1 (en) * | 2016-03-11 | 2017-09-14 | 比亚迪股份有限公司 | On-vehicle multimedia system and vehicle |
| CN205899370U (en) * | 2016-06-17 | 2017-01-18 | 常州星宇车灯股份有限公司 | Novel automobile -used gateway device |
| CN106143364A (en) * | 2016-07-22 | 2016-11-23 | 北京航空航天大学 | A kind of electric automobile distributed director information security method and system |
| CN108494725A (en) * | 2018-01-30 | 2018-09-04 | 惠州市德赛西威汽车电子股份有限公司 | A kind of encryption communication method of vehicle-mounted CAN bus message |
| CN111386513A (en) * | 2018-05-03 | 2020-07-07 | 华为技术有限公司 | Data processing method, device and system chip |
| CN109743334A (en) * | 2019-02-28 | 2019-05-10 | 浙江众泰汽车制造有限公司 | A kind of T-BOX encryption system and method |
| CN110011809A (en) * | 2019-03-29 | 2019-07-12 | 深圳市元征科技股份有限公司 | A kind of communication means and vehicle diagnostic equipment of vehicle diagnostic equipment |
| CN110324222A (en) * | 2019-07-05 | 2019-10-11 | 厦门金龙联合汽车工业有限公司 | A kind of vehicle CAN bus data interactive system and its exchange method |
| CN110356359A (en) * | 2019-07-08 | 2019-10-22 | 华晨汽车集团控股有限公司 | Vehicle communication terminal and safety enter the encryption method of starting authorization module |
| CN214202082U (en) * | 2020-12-15 | 2021-09-14 | 中国第一汽车股份有限公司 | Vehicle-mounted network system and automobile |
| WO2022143536A1 (en) * | 2020-12-31 | 2022-07-07 | 杭州趣链科技有限公司 | Apsoc-based state cipher calculation method, system, device, and medium |
| CN113242251A (en) * | 2021-05-20 | 2021-08-10 | 北京九州云驰科技有限公司 | Vehicle-mounted network safety protection system and application method thereof |
Non-Patent Citations (5)
| Title |
|---|
| 《国密SM4算法在车载CAN总线的加密应用》;陈刚;《长江信息通信》(第第3期期);全文 * |
| AES加密算法的无钥匙进入系统;闫浩;;单片机与嵌入式系统应用(03);全文 * |
| AUTOSAR规范下安全车载通信技术的研究与实现;吴志红;李清晨;朱元;陆科;赵建宁;;通信技术(12);全文 * |
| SecOC安全机制中国密算法应用方案研究;修佳鹏;田超宇;杨正球;王志龙;;信息安全研究(09);全文 * |
| 电动轮汽车监控系统的集成化及大数据分析;童宪华;;铜业工程(05);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115242530A (en) | 2022-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109117313B (en) | Vehicle intelligent security gateway with disaster isolation backup management and control mechanism and management and control method | |
| Wolf et al. | Security in automotive bus systems | |
| Ueda et al. | Security authentication system for in-vehicle network | |
| CN110324301B (en) | System and method for generating rules for thwarting computer attacks on vehicles | |
| US11256498B2 (en) | Node, a vehicle, an integrated circuit and method for updating at least one rule in a controller area network | |
| US20200120117A1 (en) | Can communication based hacking attack detection method and system | |
| US20160173530A1 (en) | Vehicle-Mounted Network System | |
| CN109104352B (en) | Vehicle network operation protocol and method | |
| US10764326B2 (en) | Can controller safe against can-communication-based hacking attack | |
| JP2019194831A (en) | System and method of blocking computer attack on transportation means | |
| KR101972457B1 (en) | Method and System for detecting hacking attack based on the CAN protocol | |
| Kwon et al. | Mitigation mechanism against in-vehicle network intrusion by reconfiguring ECU and disabling attack packet | |
| KR101734505B1 (en) | Method and apparatus for detecting attack in vehicle network | |
| CN112347023A (en) | Security module for CAN node | |
| Murvay et al. | Practical security exploits of the FlexRay in-vehicle communication protocol | |
| CN112347022A (en) | Security module for CAN node | |
| Dadam et al. | Onboard Cybersecurity Diagnostic System for Connected Vehicles | |
| US11012453B2 (en) | Method for protecting a vehicle network against manipulated data transmission | |
| CN115242530B (en) | Vehicle-mounted safety communication system and method based on national cryptographic algorithm and automobile | |
| EP3713190B1 (en) | Secure bridging of controller area network buses | |
| Ansari et al. | IntelliCAN: Attack-resilient controller area network (CAN) for secure automobiles | |
| CN116800531A (en) | Automobile electronic and electric architecture and safety communication method | |
| Papadimitratos | “On the Road”-Reflections on the security of Vehicular communication systems | |
| Oberti et al. | Lin-mm: Multiplexed message authentication code for local interconnect network message authentication in road vehicles | |
| Chen et al. | Classified security protection evaluation for vehicle information system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |